Malicious Insider, APT Worries Overshadow Most Common Threats: Survey

While run-of-the-mill attacks, such as denial-of-service attacks and bot compromises, are more common, many companies worry more about advanced persistent threats and insider attacks.

While a hefty portion of companies are worried about advanced persistent threats, industrial espionage and malicious insiders, bot software and denial-of-service attacks are far more common, according to Arbor Networks' 8th Annual Worldwide Infrastructure Security Report released Jan. 29.
The survey of 130 companies found that half of businesses had discovered a system compromised with bot software in their network and nearly half had suffered a distributed denial-of-service attack.
While botnet compromises remained the top concern among respondents, more than half the companies surveyed worried more about targeted attacks, such as advanced persistent threats, even though only 22 percent had actually encountered such an attack in the last 12 months. Industrial espionage and malicious insiders both showed a similar level of concern that outweighed the incidence of the issue.
"I agree that APT and malicious insiders are a disproportionate concern," said Gary Sockrider, Arbor Networks' solutions architect for the Americas. "Even though they are not the most common of observed threats, they are a greater area of concern looking forward."

The survey of service providers and large enterprises found that the bandwidth of the top reported attacks remained constant from the previous year at 60G bps, as did the bandwidth detected by Arbor's own systems, which peaked at 100G bps, the company said. The average attack consistently remains about 1G bps, and typically averaged 1.6G bps by the end of the year, the company said.

The continued increase in attack size is not surprising, following the large-bandwidth denial-of-service attacks aimed at financial institutions by the Izz ad-Din al-Qassam Cyber Fighters, a reputed hacktivist group that is allegedly protesting a video deemed insulting to Muslims and posted on YouTube.
Infrastructure denial-of-service (DoS) attacks, which try to clog network connections with junk data, accounted for 91 percent of all attacks, according to the Arbor report. Application-layer attacks, which try to consume processing time with requests to Web applications, are a small but increasingly important part of attacks and make up the other 9 percent.
"The prevailing wisdom used to be pretty simple: If you have someone in your infrastructure that is being attacked, you kick them out," Sockrider said. "More and more, however, as more entities become potential targets, I think you will see service providers needing to deal with attacks."
Arbor's report focused on DoS attacks, but the disconnect between other threats and the level of corporate concern marks an interesting trend. More than 50 percent of respondents worried about advanced persistent threats on their network, but only 22 percent encountered such threats. Almost 40 percent worried about data exfiltration as part of industrial espionage, but only 5 percent actually reported an incident.
While companies appear to be focusing too keenly on less probable threats, the concerns are in line with the reported risks. While APT, industrial espionage and malicious insiders are less likely to occur, the damages from such attacks are typically higher than mitigating a compromised system or a denial-of-service attack, according to past reports from both Verizon and the Ponemon Institute.